specification
The Update Framework specification
While building Sigstore TUF clients it's necessary to parse the various resource types (Root, Snapshot, Target, ...). Most languages have serialization tools that can do this automatically with the right OpenAPI...
This text has been modified a lot (see #209 for latest) but the [root update section of client workflow](https://theupdateframework.github.io/specification/latest/#update-root) is still difficult for new readers: > **5. Check for a...
Two related issues: 1. If you don't *publish* the repository carefully (i.e., in the same order that the spec tells you to update), you can run into lots of race...
The client workflow describes in detail how to *update metadata* in order to download a target. However, it should be clarified how to *use local trusted metadata* in order to download...
It should be possible to use the new [dependency caching](https://github.com/actions/setup-python#caching-packages-dependencies) in the setup-python action and simplify our workflows.
The [timestamp.json] states that the timestamp `meta` section MUST only contain a description of the snapshot.json file. However, [updating the timestamp role] does not describe when to perform this verification....
We've done a good job at automating most of the [release management rules](https://github.com/theupdateframework/specification#versioning). One chore that remains to be done manually, and, as a consequence, is usually forgotten, is: >...
I'm updating rust-tuf to work with TUF-1.0.30. As part of reading through the spec, I that @rdimitrov changed the spec in #209 to allow us to exit the update-cycle early...
It could be valuable for potential adopters of TUF if there were some documentation beyond the specification, published papers and conversations captured on GitHub, that goes into detail about certain...
At the beginning of an update, the TUF client tries to update the root role, but most of the time there is no update of the root role. For a check for updates step, at least 2...